Friday, March 11, 2022 // (IG): BB //Weekly Sponsor: ISG
NSA chief trumpets intelligence sharing with Ukraine, American public
FROM THE MEDIA: The head of the country’s top digital spy agency on Thursday defended U.S. intelligence sharing with Ukraine, as well as the American public, predicting that the practices used before — and during — Russia’s invasion would be applied again in the future. “We share a lot of intelligence but here’s the difference: the intelligence that we’re sharing is accurate. It’s relevant and it’s actionable,” U.S. Cyber Command and National Security Agency chief Paul Nakasone said during the Senate Intelligence Committee’s annual hearing on the greatest threats to U.S. national security. “I think when we look back at this, that’s the key piece of what we’ve been able to do as an intelligence community,” he added. Officials say the U.S. has long shared intelligence with Kyiv and would continue to do so, but questions have arisen over whether Washington is sharing targeting information with Ukrainian forces to fight back against Russia. Last week House Armed Services Committee Chair Adam Smith (D-Wash.) said the U.S. is giving some intelligence to Ukraine but “not providing the kind of real-time targeting.”
READ THE STORY: The Record
Intel chiefs, lawmakers wait for other shoe to drop on Russian cyberattacks against Ukraine
FROM THE MEDIA: U.S. intelligence leaders and House lawmakers on Tuesday signaled they remain on edge that Russia could unleash a digital salvo on the country, and its allies, as Moscow’s invasion of Ukraine escalates. The various remarks — made during the public segment of the House Intelligence Committee’s annual worldwide threats hearing — are the latest acknowledgment that, while Russia has engaged in some malicious activities against Ukraine, the Kremlin has yet to fully deploy its legions of hackers and that what until now have been minor skirmishes could grow into full-scale, online conflict with ramifications for the rest of the world. “Offensive cyber operations present a significant risk to our homeland,” Intelligence Committee Chair Adam Schiff (D-Calif.) said in his opening statement. “As the crisis in Ukraine continues, we must be extremely watchful.” The Biden administration last month attributed denial of service attacks on Ukrainian military and bank websites to Russia’s military intelligence agency, prompting officials to warn systems administrators in the public and private sectors to watch for suspicious activity that could disrupt their operations.
READ THE STORY: The Record
Cyber Command chief tells Congress chip shortage has national security implications
FROM THE MEDIA: China’s increasing progress toward producing enough semiconductor chips domestically to avoid relying on foreign trade is a “very timely question” and one of “great concern for us in terms of broader impacts,” U.S. Cyber Command and National Security Agency head Gen. Paul Nakasone told House Intelligence Committee members this week. China’s increasing progression toward so-called chip independence — which, if achieved, would give the Chinese more leverage to act as they please without fear of sanctions — poses a threat, Nakasone told Congress Tuesday. Rep. Rick Crawford, an Arkansas Republican who sits on the Intelligence Committee, told CyberScoop that Nakasone’s private remarks in a subsequent closed-door session made clear that American reliance on Russia and Ukraine for the neon gas needed to make chip component parts is among the “broader impacts” the general referenced. The United States is lagging in domestic semiconductor chip production, while Ukraine and Russia produce 90% of America’s neon gas supply and about half of the total global supply, said Sujai Shivakumar, senior fellow of the Renewing American Innovation Project at the Center for Strategic and International Studies. China and Japan are the other major producers. If America is forced to rely on hostile countries for chip production and is unable to get the components needed to manufacture them, it could have a powerful cascade effect.
READ THE STORY: CyberScoop
NIST Seeks Comments on Cybersecurity Framework Refresh
FROM THE MEDIA: The National Institute of Standards and Technology (NIST) is seeking comments to improve its Cybersecurity Framework, “Framework for Improving Critical Infrastructure Cybersecurity” (Request for Information available here). The Cybersecurity Framework is a key document providing organizations with standards, guidelines, and best practices to manage cybersecurity risk. With many changes to the cybersecurity landscape since the last update to the Cyber Framework in 2018, NIST hopes to address new threats, capabilities, technologies, and resources. Comments are due by April 25, 2022. In particular, NIST is seeking guidance on whether it should integrate supply chain-related cybersecurity guidance into the Cyber Framework or create a new cyber-related supply chain framework. The comment period closes on April 25, 2022, and information on submitting comments can be found here. Putting it into Practice: The NIST Cyber Framework is an important cyber threat management tool for companies looking to develop and secure their data security programs. This comment period is a key opportunity for organizations to improve the Framework and provide important feedback to ensure the Framework reflects actual experience and practice.
READ THE STORY: National Law Review
Invasion of Ukraine: The Impact on Insurance
FROM THE MEDIA: The Russian invasion of Ukraine will have an impact on insurance processes and renewals and the events of the last few weeks have immediate repercussions on certain lines of coverage. Impact on Marine Cargo and Property: Marine Cargo is one of the most impacted lines of coverage from the events in Russia and Ukraine. These policies do not cover damage or expense arising from war, insurrection, or any hostile act by or against a threatening power. We have been notified that some Cargo insurance carriers have invoked their right to issue a Notice of Cancelation (NOC) specific to War, Strikes, Riots, and Civil Commotion (SRCC) risks in, to, and from Russia, Ukraine, Black Sea, and Sea of Azov within territorial waters. These NOCs are subject to the Notice of Cancelation period which can range from 48 hours to 7 days. Carriers are then reinstating coverage, and putting geographical stipulations in place for war, strikes, riots, and civil commotion going forward. Thus far, coverage will remain in place for shipments to Russia or Ukraine, excluding War and SRCC, and per the remaining terms and conditions of your policy. If your policy affords coverage for War and SRCC in other geographies, your coverage should not be impacted in those regions.
READ THE STORY: JDSupra
Groups warn about Russians' internet access
FROM THE MEDIA: The Biden administration’s plan to strangle Russia’s economy in response to the invasion of Ukraine could have the unintended side effect of robbing Russian citizens of access to the web, a collection of organizations warned Thursday. Russia’s war has exposed just how ad hoc most online platforms handle content moderation, something which was made very clear today with a report that Meta will bend a fundamental policy to allow some users to call for violence against Russians. Let’s jump into the news. A group of over 40 human and digital rights organizations published an open letter to the Biden administration Thursday cautioning against limiting Russians’ access to the internet in response to the country’s invasion in Ukraine. Two major internet providers have already cut service in Russia since its Feb. 24 incursion into eastern Ukraine. Several software and telecommunications companies have also halted sales, a combined removal of services that threatens to leave Russian citizens without access to international services.
READ THE STORY: The Hill
Transcript: Here’s What a Cyber War With Russia May Actually Look Like
FROM THE MEDIA: Russia’s invasion of Ukraine has set off a new wave of concern about cyber attacks. Indeed, there were already reports of some in the run up to the war—like when hackers reportedly targeted U.S. gas producers. But while worries about cyber attacks have been around for a long time, it remains hard to get a handle on the actual threat. Such attacks aren’t all that visible and information on them is often difficult to get, or comes long after the fact. On this episode of Odd Lots, Joe Weisenthal and Tracy Alloway speak with Matt Suiche, a famous hacker and co-founder of Comae Technologies, about what a cyber war between Russia and the West may actually look like.
READ THE STORY: Bloomberg
How CAC became Chinese tech’s biggest nightmare
FROM THE MEDIA: The Cyberspace Administration of China’s core functions have expanded from content control to data security and privacy, and they affect the entire digital economy. The Cyberspace Administration of China (CAC) rose to fame as China’s central internet censor and it still is. But in the past few years, the agency has expanded its regulatory scope, gradually morphing into a super regulator that affects virtually every internet company in China. The CAC has been making headlines all over the world for the past two years as its power has grown exponentially and it has become the leading Chinese regulator in data security and privacy — playing an instrumental role in China’s ongoing tech crackdown. It was CAC that ordered a cybersecurity review on DiDi's data infrastructure just days after the ride-hailing giant’s U.S. IPO. The cyber watchdog later required companies that hold data for more than 1 million users to undergo a security review before listing their shares overseas. The agency also represents China’s interest in international data governance.
READ THE STORY: Protocol
NSA director: Limited Russia cyberattacks so far, but threat remains
FROM THE MEDIA: NSA Director and Commander of Cyber Command Paul Nakasone told lawmakers Thursday that he does not believe the threat of cyberwarfare in Russia's invasion of Ukraine has passed despite its very muted presence thus far. Nakasone said they had seen "three or four" cyberattacks so far. "We remain vigilant," he told a Senate hearing. "We're 15 days into this conflict. By no means are we sitting back and taking this casually, we are watching every single day for any type of unusual activity." Though there have been no official attributions, external observers have noted two rounds of denial of services paired with text message spam meant to sow distrust in banks, three different forms of wiper malware used in limited attacks in Ukraine, and an attack on Viasat service in Europe causing outages and damaging equipment. Viasat is believed to be used by the Ukrainian military. Though none of these attacks have been formally attributed to Russia, all have suspected links to the invasion due to timing and targeting. While that is the presence of cyberwarfare, it is nowhere near the destructive capability Russia has demonstrated against Ukraine in even the last few years. In 2015 and 2016, Russia caused power outages in Ukraine. In 2017, it launched the NotPetya wiper causing billions of dollars globally in spillover damage after it overflowed from its Ukrainian targets.
READ THE STORY: SC Magazine
Vodafone and Mercado Libre Likely Hit by Ransomware Attacks
FROM THE MEDIA: The ransomware group that hit Samsung and Nvidia appears to have struck two new big-name targets in the tech sector: a South American e-commerce giant and a British telecom multinational. Buenos Aires-based online marketplace Mercado Libre admitted in an SEC filing this week that source code and user data were accessed, although it did not reveal how. “Although data from approximately 300,000 users (out of our nearly 140 million unique active users) was accessed, to date and according to our initial analysis, we have not found any evidence that our infrastructure systems have been compromised or that any users’ passwords, account balances, investments, financial information or credit card information were obtained. We are taking strict measures to prevent further incidents,” it said. Separately, Vodafone is reportedly investigating claims that internal data was breached. Both companies were reportedly cited by ransomware group Lapsus in a message to its subscribers on Telegram this week. The group asked which victim organization’s data should be leaked next: Vodafone, Mercado Libre or Portuguese media firm Impresa. It claimed to have 200GB of Vodafone source code in its possession.
READ THE STORY: Infosecurity Magazine
Russia may try to dodge sanctions using ransomware payments, warns US Treasury
FROM THE MEDIA: The Financial Crimes Enforcement Network has issued a statement for financial institutions to be aware of suspicious activity. As the United States and its companies distance themselves from Russia in the wake of its invasion of Ukraine, the Treasury says Russia may be attempting to avoid the sanctions by utilizing ransomware payments to do so. A statement from the Financial Crimes Enforcement Network (FinCEN) says that an alert has been issued for financial institutions to be careful in preventing Russia from evading the restrictions the U.S. has placed on the Eastern European country. “In the face of mounting economic pressure on Russia, it is vitally important for U.S. financial institutions to be vigilant about potential Russian sanctions evasion, including by both state actors and oligarchs,” said Him Das, FinCEN’s acting director. “Although we have not seen widespread evasion of our sanctions using methods such as cryptocurrency, prompt reporting of suspicious activity contributes to our national security and our efforts to support Ukraine and its people.”
READ THE STORY: TechRepublic
Items of interest
DDoS attacks expand as cybercriminals target cloud providers and ransomware victims (Article)
FROM THE MEDIA: 2021 saw an array of record-breaking DDoS attacks, many aimed at cloud companies and ransomware victims who resisted paying the ransom, says Radware. The DDoS, or distributed denial of service, attack has long been a popular method for cyberattack. By flooding a website with more requests than it can handle, a hacker can cause the site to slow down and eventually crash, making it unavailable for legitimate users. But in 2021, cybercriminals expanded the types of organizations at the receiving end of DDoS attacks. A report released Thursday by cybersecurity firm Radware looks at how DDoS attacks surged and spread last year. As detailed in its 2021-2022 Global Threat Analysis Report, Radware found that the number of DDoS attacks in 2021 jumped by 37% per customer over 2020. On its end, Radware discovered and blocked 580,766 DDoS attacks for all of last year, with an average of 1,591 per day.
READ THE STORY: TechRepublic
$1.5 trillion omnibus bill leaves the House with provisions targeting ransomware and China's digital yuan (Video)
FROM THE MEDIA: A long-delayed appropriations bill for 2022 has passed in the House of Representatives and is heading for the Senate as of March 9. Included in the bill's 2,741 pages of legislation are several provisions aiming at China's central bank digital currency, or CBDC, as well as new requirements for ransomware reporting. One section calls for the President to produce a report on the Chinese digital yuan, particularly the "short-, medium-, and long-term national security risks" that it poses. The risks the report would emphasize are transactional surveillance, illicit financing, and economic coercion from China.
BazarBackdoor Malware is Hitting Website Contact Forms to Evade AV Detection (Video)
FROM THE MEDIA: Cybersecurity researchers discovered the new activity of the notorious BazarBackdoor malware. Instead of deploying phishing emails to attack its victims, it now deploys ransomware payloads via website contact forms. The BazarBackdoor malware was recently spotted spreading infection in website contact forms, a thing that caught researchers by surprise. As security analysts from Abnormal Security pointed out in a report, the BazarBackdoor malware is known for its phishing campaign which it usually uses when deceiving the victims. When the unaware user clicks a file or a document containing malware, this security threat will automatically be installed in a particular device.
About this Product
These open source products are reviewed by analysts at InfoDom Securities and provide possible context about current media trends in regard to the realm of cyber security. The stories selected cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not specifically endorse any third-party claims made in their original material or related links on their sites, and the opinions expressed by third parties are theirs alone. Contact InfoDom Securities at dominanceinformation@gmail.com